This repository consists of the back end code for the BC Parks Attendance & Revenue system (A&R) API. A&R helps Park Operators, BC Parks, and the BC Government track important statistical information to help guide budget allowances and any maintenance that needs to be done to parks.
Associated repos:
To contribute to this code, follow the steps through this link: https://bcgov.github.io/bcparks/collaborate
This project makes use of dynamodb-local for local development. You can start an instance of DyanmoDB using Docker.
docker run -d -p 8000:8000 --name dynamodb amazon/dynamodb-local -jar DynamoDBLocal.jar -sharedDb
The AWS credentials AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must exist in your environment as environment variables or in the .aws credential file. These values are used by the aws-sdk to instantiate sdk objects.
You can provide any value for them when using dynamodb-local. Real values are needed when performing operations on remote AWS services such as generating CAPTCHA audio using AWS Polly.
yarn install
yarn start
Once server starts, the API will be available at http://localhost:3000/api. The local server is also configured to seed some basic data from the data directory.
The Serverless Framework is setup to package Lambda functions into individual zip files which is then used by Terraform to deploy to AWS.
yarn build
On push to the Main branch, three actions run:
- Lint
- Unit Tests
- Deploy to dev
The deploy to dev orchestrates deployment to AWS dev.
There are three places where secrets and variables are stored.
The secrets stored in Github are required for the AWS configuration in Github actions. The variables are as follows:
- AWS_REGION
These secrets are permanent and will not have to be changed in the future.
These environment variables need to be set for each dev/test/prod environment:
- ACCOUNT_ID
- AWS_ROLE_ARN_TO_USE
There are a few secrets and variables that must be stored in Terraform Cloud. This is because they are required for provider initilization. This initialization happens before we are able to get variables from Github so they cannot be passed from AWS Parameter store. The variables are as follows:
- target_env
- AWS_SECRET_ACCESS_KEY
- AWS_ACCESS_KEY_ID
- aws_region
- target_aws_account_id
These variables and secrets are permanent and will not have to be changed in the future.
These variables are required by Github Actions as well as Terraform. The variables themselves are stored in AWS Parameter Store. These parameters are organized into four categories:
- bcparks-ar-api/
- bcparks-ar-admin/
These variables are passed to Terraform Cloud in the following steps:
AWS Parameter Store -> Github -> Terragrunt -> *.auto.tfvars -> Terraform Cloud
If a variable must be updated, you must update it from AWS Parameter store.
API requires a JWT secret for emails to work. This secret is stored in Secret Manager on AWS. This allows for secret rotation. This secret is accessed by Terraform Cloud directly.
For each of the functions we must run yarn install. After that, each function directory is zipped up and uploaded to S3. These zips will then be pulled down by Terraform Cloud.
This creates several things in AWS:
- DynamoDB
- Cloudfront Distribution
- Connections among S3, Cloudfront, DynamoDB and API Gateway.
Test pipeline is triggered by publishing a release that is marked as a pre-release.
Prod pipeline is triggered by removing the pre-release tag from a release.
Config service is used to alter frontend via DynamoDB. In Dynamo, an item with the PK and SK of config must exist. Within the attributes, you are able to set certain configurations such as KEYCLOAK_ENABLED, API_LOCATION, and debugMode.
This item is request by the front ends upon client connection.